LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File openssl-0.9.7d-padlock-engine.diff of Package compat-openssl097g (Project openSUSE:11.4)

Index: crypto/engine/hw_padlock.c
===================================================================
--- /dev/null
+++ crypto/engine/hw_padlock.c
@@ -0,0 +1,734 @@
+/* 
+ * Support for VIA PadLock Advanced Cryptography Engine (ACE)
+ * Written by Michal Ludvig <michal@logix.cz>
+ *            http://www.logix.cz/michal
+ *
+ * Date: May 13, 2004
+ */
+
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include <netinet/in.h>	/* we need htonl() */
+
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_PADLOCK
+
+/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#    define DYNAMIC_ENGINE
+#  endif
+#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#  ifdef ENGINE_DYNAMIC_SUPPORT
+#    define DYNAMIC_ENGINE
+#  endif
+#else
+#  error "Only OpenSSL >= 0.9.7 is supported"
+#endif
+
+/* VIA PadLock AES is available *ONLY* on some x86 CPUs.
+   Not only that it doesn't exist elsewhere, but it
+   even can't be compiled on other platforms!
+ 
+   In addition, because of the heavy use of inline assembler,
+   you must use GNU GCC for now. This is not a "technology
+   limitation", I simply didn't have a chance to test other
+   compilers and instead chosen the safe way :-) */
+#if defined(__i386__) && !defined(__amd64__) && defined(__GNUC__)
+#define COMPILE_HW_PADLOCK
+#else
+#undef COMPILE_HW_PADLOCK
+#endif
+
+static ENGINE *ENGINE_padlock (void);
+
+void ENGINE_load_padlock (void)
+{
+/* On non-x86 CPUs it just returns. */
+#ifdef COMPILE_HW_PADLOCK
+	ENGINE *toadd = ENGINE_padlock ();
+	if (!toadd) return;
+	ENGINE_add (toadd);
+	ENGINE_free (toadd);
+	ERR_clear_error ();
+#endif
+}
+
+#ifdef COMPILE_HW_PADLOCK
+/* Function for ENGINE detection and control */
+static int padlock_available(void);
+static int padlock_init(ENGINE *e);
+
+/* RNG Stuff */
+static RAND_METHOD padlock_rand;
+
+/* Cipher Stuff */
+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+
+/* Engine names */
+static const char *padlock_id = "padlock";
+static char padlock_name[100];
+
+/* Available features */
+static int padlock_use_ace = 0;	/* Advanced Cryptography Engine */
+static int padlock_use_rng = 0;	/* Random Number Generator */
+
+/* ===== Engine "management" functions ===== */
+
+/* Prepare the ENGINE structure for registration */
+static int
+padlock_bind_helper(ENGINE *e)
+{
+	/* Check available features */
+	padlock_available();
+
+	/* Generate a nice engine name with available features */
+	snprintf(padlock_name, sizeof(padlock_name), "VIA PadLock (%s, %s)", 
+		 padlock_use_rng ? "RNG" : "no-RNG",
+		 padlock_use_ace ? "ACE" : "no-ACE");
+
+	/* Register everything or return with an error */ 
+	if (!ENGINE_set_id(e, padlock_id) ||
+	    !ENGINE_set_name(e, padlock_name) ||
+
+	    !ENGINE_set_init_function(e, padlock_init) ||
+
+	    (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
+	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
+		return 0;
+	}
+
+	/* Everything looks good */
+	return 1;
+}
+
+/* Constructor */
+static ENGINE *
+ENGINE_padlock(void)
+{
+	ENGINE *eng = ENGINE_new();
+
+	if (!eng) {
+		return NULL;
+	}
+
+	if (!padlock_bind_helper(eng)) {
+		ENGINE_free(eng);
+		return NULL;
+	}
+
+	return eng;
+}
+
+/* Helper function - check if a CPUID instruction
+   is available on this CPU */
+static int
+padlock_insn_cpuid_available(void)
+{
+	uint32_t result = -1;
+
+	/* TODO: handle the "red-zone" once this 
+		 module is enabled on AMD64 */
+	/* We're checking if the bit #21 of EFLAGS 
+	   can be toggled. If yes = CPUID is available. */
+	asm volatile (
+		"pushf\n"
+		"popl %%eax\n"
+		"xorl $0x200000, %%eax\n"
+		"movl %%eax, %%ecx\n"
+		"andl $0x200000, %%ecx\n"
+		"pushl %%eax\n"
+		"popf\n"
+		"pushf\n"
+		"popl %%eax\n"
+		"andl $0x200000, %%eax\n"
+		"xorl %%eax, %%ecx\n"
+		"movl %%ecx, %0\n"
+		: "=r" (result) : : "eax", "ecx");
+	
+	return (result == 0);
+}
+
+static int
+padlock_available(void)
+{
+	uint32_t eax, edx;
+
+	/* First check if the CPUID instruction is available at all... */
+	if (! padlock_insn_cpuid_available())
+		return 0;
+
+	/* Check for Centaur Extended Feature Flags presence */
+	eax = 0xC0000000;
+	asm volatile ("pushl %%ebx; cpuid; popl %%ebx" : "+a"(eax) : : "ecx", "edx");
+	if (eax < 0xC0000001)
+		return 0;
+
+	/* Read the Centaur Extended Feature Flags */
+	eax = 0xC0000001;
+	asm volatile ("pushl %%ebx; cpuid; popl %%ebx" : "+a"(eax), "=d"(edx) : : "ecx");
+
+	/* Fill up some flags */
+	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
+	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
+
+	return padlock_use_ace + padlock_use_rng;
+}
+
+/* Check availability of the engine */
+static int
+padlock_init(ENGINE *e)
+{
+	return (padlock_use_rng || padlock_use_ace);
+}
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library.
+ */
+#ifdef DYNAMIC_ENGINE
+static int
+padlock_bind_fn(ENGINE *e, const char *id)
+{
+	if (id && (strcmp(id, padlock_id) != 0)) {
+		return 0;
+	}
+
+	if (!padlock_bind_helper(e))  {
+		return 0;
+	}
+
+	return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN ();
+IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn);
+#endif /* DYNAMIC_ENGINE */
+
+/* ===== Here comes the "real" engine ===== */
+
+#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#define NID_aes_128_cfb	NID_aes_128_cfb128
+#endif
+
+#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#define NID_aes_128_ofb	NID_aes_128_ofb128
+#endif
+
+#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#define NID_aes_192_cfb	NID_aes_192_cfb128
+#endif
+
+#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#define NID_aes_192_ofb	NID_aes_192_ofb128
+#endif
+
+#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#define NID_aes_256_cfb	NID_aes_256_cfb128
+#endif
+
+#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#define NID_aes_256_ofb	NID_aes_256_ofb128
+#endif
+
+/* List of supported ciphers. */
+static int padlock_cipher_nids[] = {
+	NID_aes_128_ecb,
+	NID_aes_128_cbc,
+	NID_aes_128_cfb,
+	NID_aes_128_ofb,
+
+	NID_aes_192_ecb,
+	NID_aes_192_cbc,
+//	NID_aes_192_cfb,	/* FIXME: AES192/256 CFB/OFB don't work. */
+//	NID_aes_192_ofb,
+
+	NID_aes_256_ecb,
+	NID_aes_256_cbc,
+//	NID_aes_256_cfb,
+//	NID_aes_256_ofb,
+};
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/
+				      sizeof(padlock_cipher_nids[0]));
+
+/* Function prototypes ... */
+static int padlock_aes_init_key_128(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+				    const unsigned char *iv, int enc);
+static int padlock_aes_init_key_192(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+				    const unsigned char *iv, int enc);
+static int padlock_aes_init_key_256(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+				    const unsigned char *iv, int enc);
+static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl);
+
+/* Some AES-related constants */
+#define AES_BLOCK_SIZE		16
+#define AES_KEY_SIZE_128	16
+#define AES_KEY_SIZE_192	24
+#define AES_KEY_SIZE_256	32
+
+#define AES_KEY_WORDS		(4 * (AES_MAXNR + 1))
+#define	AES_KEY_BYTES		(AES_KEY_WORDS * 4)
+
+/* Here we store the plain key for AES128
+   and the extended key for AES192/AES256 */
+struct padlock_aes_key
+{
+	uint32_t aes_key[AES_KEY_WORDS];
+	int extended;
+};
+
+/* Declaring so many ciphers by hand would be a pain.
+   Instead introduce a bit of preprocessor magic :-) */
+#define	DECLARE_AES_EVP(ksize,lmode,umode)	\
+static const EVP_CIPHER padlock_aes_##ksize##_##lmode = {	\
+	NID_aes_##ksize##_##lmode,		\
+	AES_BLOCK_SIZE,			\
+	AES_KEY_SIZE_##ksize,		\
+	AES_BLOCK_SIZE,			\
+	0 | EVP_CIPH_##umode##_MODE,	\
+	padlock_aes_init_key_##ksize,	\
+	padlock_aes_cipher,		\
+	NULL,				\
+	sizeof(struct padlock_aes_key),	\
+	EVP_CIPHER_set_asn1_iv,		\
+	EVP_CIPHER_get_asn1_iv,		\
+	NULL,				\
+	NULL				\
+}
+
+DECLARE_AES_EVP(128,ecb,ECB);
+DECLARE_AES_EVP(128,cbc,CBC);
+DECLARE_AES_EVP(128,cfb,CFB);
+DECLARE_AES_EVP(128,ofb,OFB);
+
+DECLARE_AES_EVP(192,ecb,ECB);
+DECLARE_AES_EVP(192,cbc,CBC);
+DECLARE_AES_EVP(192,cfb,CFB);
+DECLARE_AES_EVP(192,ofb,OFB);
+
+DECLARE_AES_EVP(256,ecb,ECB);
+DECLARE_AES_EVP(256,cbc,CBC);
+DECLARE_AES_EVP(256,cfb,CFB);
+DECLARE_AES_EVP(256,ofb,OFB);
+
+static int
+padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
+{
+	/* No specific cipher => return a list of supported nids ... */
+	if (!cipher) {
+		*nids = padlock_cipher_nids;
+		return padlock_cipher_nids_num;
+	}
+
+	/* ... or the requested "cipher" otherwise */
+	switch (nid) {
+	  case NID_aes_128_ecb:
+	    *cipher = &padlock_aes_128_ecb;
+	    break;
+	  case NID_aes_128_cbc:
+	    *cipher = &padlock_aes_128_cbc;
+	    break;
+	  case NID_aes_128_cfb:
+	    *cipher = &padlock_aes_128_cfb;
+	    break;
+	  case NID_aes_128_ofb:
+	    *cipher = &padlock_aes_128_ofb;
+	    break;
+
+	  case NID_aes_192_ecb:
+	    *cipher = &padlock_aes_192_ecb;
+	    break;
+	  case NID_aes_192_cbc:
+	    *cipher = &padlock_aes_192_cbc;
+	    break;
+	  case NID_aes_192_cfb:
+	    *cipher = &padlock_aes_192_cfb;
+	    break;
+	  case NID_aes_192_ofb:
+	    *cipher = &padlock_aes_192_ofb;
+	    break;
+
+	  case NID_aes_256_ecb:
+	    *cipher = &padlock_aes_256_ecb;
+	    break;
+	  case NID_aes_256_cbc:
+	    *cipher = &padlock_aes_256_cbc;
+	    break;
+	  case NID_aes_256_cfb:
+	    *cipher = &padlock_aes_256_cfb;
+	    break;
+	  case NID_aes_256_ofb:
+	    *cipher = &padlock_aes_256_ofb;
+	    break;
+
+	  default:
+	    /* Sorry, we don't support this NID */
+	    *cipher = NULL;
+	    return 0;
+	}
+
+	return 1;
+}
+
+/* Generate an extended AES key in software. Needed for AES192/AES256 */
+static int
+padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		      const unsigned char *iv, int enc,
+		      int key_len)
+{
+	AES_KEY ks;
+	struct padlock_aes_key *tmp_aes_key = NULL;
+	int i;
+
+	tmp_aes_key = (struct padlock_aes_key *) (ctx->cipher_data);
+	memset(tmp_aes_key, 0, sizeof(struct padlock_aes_key));
+	if (key) {
+		if (enc)
+			AES_set_encrypt_key(key, key_len, &ks);
+		else
+			AES_set_decrypt_key(key, key_len, &ks);
+
+		/* OpenSSL internal functions use byte-swapped extended key. */
+		for (i = 0; i < AES_KEY_WORDS; i++)
+			tmp_aes_key->aes_key[i] = htonl(ks.rd_key[i]);
+
+		tmp_aes_key->extended = 1;
+	}
+
+	return 1;
+}
+
+/* PadLock can generate an extended key for AES128 in hardware */
+static int
+padlock_aes_init_key_128(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			  const unsigned char *iv, int enc)
+{
+	struct padlock_aes_key *tmp_aes_key = NULL;
+
+	tmp_aes_key = (struct padlock_aes_key *) (ctx->cipher_data);
+	memset(tmp_aes_key, 0, sizeof(struct padlock_aes_key));
+	if (key) {
+		memcpy (tmp_aes_key->aes_key, key, AES_KEY_SIZE_128);
+		tmp_aes_key->extended = 0;
+	}
+
+	return 1;
+}
+
+static int
+padlock_aes_init_key_192(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			  const unsigned char *iv, int enc)
+{
+	return padlock_aes_init_key(ctx, key, iv, enc, 192);
+}
+
+static int
+padlock_aes_init_key_256(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			  const unsigned char *iv, int enc)
+{
+	return padlock_aes_init_key(ctx, key, iv, enc, 256);
+}
+
+/* Data for the VIA PadLock *must* be aligned on 16-Bytes boundaries! */
+static void *
+padlock_aligned_malloc(size_t size, size_t alignment, void **index)
+{
+	char *ptr;
+
+	ptr = malloc(size + alignment);
+	*index = ptr;
+	if (alignment > 1 && ((long)ptr & (alignment - 1))) {
+		ptr += alignment - ((long)ptr & (alignment - 1));
+	}
+
+	return ptr;
+}
+
+/* Control word. */
+union cword {
+	uint32_t cword[4];
+	struct {
+		int rounds:4;
+		int algo:3;
+		int keygen:1;
+		int interm:1;
+		int encdec:1;
+		int ksize:2;
+	} b;
+};
+
+/* Template for all modes */
+#define PADLOCK_XCRYPT_ASM(name,opcode) \
+static inline void name(uint8_t *input, uint8_t *output, uint8_t *key,	\
+			uint8_t **iv, void *control_word, uint32_t count)	\
+{										\
+	asm volatile ("pushfl; popfl\n"						\
+		      "movl %%ebx, -4(%%esp)\n"					\
+		      "movl %%eax, %%ebx\n"					\
+		      "movl %0, %%eax\n"					\
+		      "movl (%%eax), %%eax\n"					\
+		      opcode "\n"						\
+		      "movl %0, %%ebx\n"					\
+		      "movl %%eax, (%%ebx)\n"					\
+		      "movl -4(%%esp), %%ebx\n"					\
+		      : "+m"(iv), "+S"(input), "+D"(output)			\
+		      : "a"(key), "c"(count), "d"(control_word));		\
+}
+
+/* Generate all functions with appropriate opcodes */
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8");	/* rep xcryptecb */
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0");	/* rep xcryptcbc */
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0");	/* rep xcryptcfb */
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8");	/* rep xcryptofb */
+
+/* Re-align the arguments to 16-Bytes boundaries and run the 
+   encryption function itself. This function is not AES-specific. */
+static inline void
+padlock_aligner(uint8_t *out_arg, const uint8_t *in_arg, uint8_t *iv_arg,
+		void *key, union cword *cword, size_t nbytes,
+		size_t blocksize, int mode)
+{
+	/* Don't blindly modify this structure - the items must 
+	   be 16-Bytes aligned! */
+	struct padlock_xcrypt_data {
+		uint8_t iv[2*blocksize];		/* Initialization vector */
+	};
+
+	uint8_t *in, *out, *iv;
+	void *index = NULL;
+	char bigbuf[sizeof(struct padlock_xcrypt_data) + 16];
+	struct padlock_xcrypt_data *data;
+	
+	memset(bigbuf, 0, sizeof (bigbuf));
+
+	/* Place 'data' at the first 16-Bytes aligned address in 'bigbuf' */
+	if (((long)bigbuf) & 0x0F)
+		data = (void*)(bigbuf + 16 - ((long)bigbuf & 0x0F));
+	else
+		data = (void*)bigbuf;
+
+	/* Always make a local copy of IV - xcrypt may change it! */
+	iv = data->iv;
+	if (iv_arg)
+		memcpy(iv, iv_arg, blocksize);
+
+	/* Align 'in_arg' */
+	if (((long)in_arg) & 0x0F) {
+		in = padlock_aligned_malloc(nbytes, 16, &index);
+		memcpy(in, in_arg, nbytes);
+	}
+	else
+		in = (uint8_t*)in_arg;
+
+	/* Align 'out_arg' */
+	if (((long)out_arg) & 0x0F) {
+		if (index)
+			out = in;	/* xcrypt can work "in place" */
+		else
+			out = padlock_aligned_malloc(nbytes, 16, &index);
+	}
+	else
+		out = out_arg;
+
+	/* Run xcrypt for a requested mode */
+	switch (mode) {
+		case EVP_CIPH_ECB_MODE:
+			padlock_xcrypt_ecb(in, out, key, &iv, cword, nbytes/blocksize);
+			break;
+
+		case EVP_CIPH_CBC_MODE:
+			padlock_xcrypt_cbc(in, out, key, &iv, cword, nbytes/blocksize);
+			break;
+
+		case EVP_CIPH_CFB_MODE:
+			padlock_xcrypt_cfb(in, out, key, &iv, cword, nbytes/blocksize);
+			break;
+
+		case EVP_CIPH_OFB_MODE:
+			padlock_xcrypt_ofb(in, out, key, &iv, cword, nbytes/blocksize);
+			break;
+
+		default:
+			break;
+	}
+
+	/* Copy the 16-Byte aligned output to the caller's buffer. */
+	if (out != out_arg)
+		memcpy(out_arg, out, nbytes);
+
+	/* Save modified IV */
+	memcpy (iv_arg, iv, blocksize);
+
+	if (index)
+		free(index);
+
+}
+
+/* Entry point specific for AES cipher */
+static int
+padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		   const unsigned char *in, unsigned int in_len)
+{
+	char bigbuf[sizeof(union cword) + 16];
+	union cword *cword;
+	void *key_arg, *key, *iv, *index_key=NULL;
+	int mode = EVP_CIPHER_CTX_mode(ctx);
+	int key_len = EVP_CIPHER_CTX_key_length(ctx);
+	struct padlock_aes_key *aes_key = (struct padlock_aes_key *) (ctx->cipher_data);
+
+	/* Place 'data' at the first 16-Bytes aligned address in 'bigbuf'. */
+	if (((long)bigbuf) & 0x0F)
+		cword = (void*)(bigbuf + 16 - ((long)bigbuf & 0x0F));
+	else
+		cword = (void*)bigbuf;
+
+	/* Prepare Control word. */
+	memset (cword, 0, sizeof(union cword));
+	cword->b.encdec = (ctx->encrypt == 0);
+	cword->b.rounds = 10 + (key_len - 16) / 4;
+	cword->b.ksize = (key_len - 16) / 8;
+	cword->b.keygen = aes_key->extended;
+
+	key_arg = aes_key->aes_key;
+	if ((long)key_arg & 0x0f) {
+		key = padlock_aligned_malloc(AES_KEY_BYTES, 16, &index_key);
+		memcpy (key, key_arg, AES_KEY_BYTES);
+	} else
+		key = key_arg;
+
+	iv = ctx->iv;
+
+	padlock_aligner(out, in, iv, key, cword,
+			in_len, AES_BLOCK_SIZE, mode);
+
+	if (index_key)
+		free(index_key);
+
+	return 1;
+}
+
+/* ===== Random Number Generator ===== */
+
+/* The RNG call itself */
+static inline uint32_t
+padlock_xstore(unsigned char **output_addr, uint32_t edx_in,
+	       uint32_t count)
+{
+	uint32_t eax_out;
+
+	asm volatile (".byte 0xf3,0x0f,0xa7,0xc0"	/* rep xstore */
+	    : "+D"(*output_addr), "=a"(eax_out)	/* output */
+	    : "d" (edx_in), "c"(count)	 	/* input */
+	    );
+
+	return eax_out;
+}
+
+/* Wrapper that provides an interface between the API and 
+   the raw PadLock RNG */
+static int
+padlock_rand_bytes(unsigned char *output, int count)
+{
+	unsigned char *pptr = output;
+	unsigned char buf[8];
+	int orig_count = count;
+	
+	/* xstore always stores at least 4 bytes - we must avoid 
+	   overwriting of innocent data! */
+	if (count > 4) {
+		/* 3 ... magic constant, see PadLock RNG docs */
+		padlock_xstore(&pptr, 3, count - 4);
+		count = 4;
+	}
+	if (count > 0) {
+		pptr = buf;
+		padlock_xstore(&pptr, 3, count);
+		memcpy(output + orig_count - count, buf, count);
+	}
+	return 1;
+}
+
+/* Dummy but necessary function */
+static int
+padlock_rand_status(void)
+{
+	return 1;
+}
+
+/* Prepare structure for registration */
+static RAND_METHOD padlock_rand = {
+	NULL,			/* seed */
+	padlock_rand_bytes,	/* bytes */
+	NULL,			/* cleanup */
+	NULL,			/* add */
+	padlock_rand_bytes,	/* pseudorand */
+	padlock_rand_status,	/* rand status */
+};
+
+#endif /* COMPILE_HW_PADLOCK */
+
+#endif /* !OPENSSL_NO_HW_PADLOCK */
+#endif /* !OPENSSL_NO_HW */